Page 1 of 1
ASP.NET Security Flaw Can Bypass Password
Posted: Mon Oct 11, 2004 4:01 am
by patrikG
netcraft wrote:
A security flaw in Microsoft's ASP.NET technology could allow intruders to enter password-protected areas of a web site by altering a URL. A fix is not yet available, but Microsoft is offfering guidelines to help ASP.NET users secure their sites against intrusion attempts. The flaw exists only in ASP.NET, not ASP (Active Server Pages).
http://news.netcraft.com/archives/2004/ ... sword.html
No ASP-bashing, please.
Posted: Thu Nov 04, 2004 7:28 pm
by hawleyjr
This is one more reason why open source software will always be superior to Non-Open Source. This security flaw would have been fixed as quickly as it was found had this happened in the Open Source world. Everyone running a MS server is at the disposal of MS and now has to wait for MS to update their server software.
Long Live Open Source
Posted: Thu Nov 04, 2004 8:16 pm
by Weirdan
Well, it's old news. I remember this bug had been posted sometime back in September on NTBugTraq list.
Posted: Fri Nov 05, 2004 3:01 am
by phpScott
that sort of goes along with this news about Abbey bank in the uk
http://news.bbc.co.uk/1/hi/business/3984845.stm
Where users where able to bypass entering a password and only use ther username to login in.
It has now been fixed but whoooo!!!! for security in online banking.
Posted: Sat Nov 06, 2004 6:44 am
by m3mn0n
Wonderful. More ammunition for us server admins to get people to migrate to the world of open source.
